
22187 matches found

Cvelist
added 2026/01/19 1:2 a.m., 17 views

CVE-2026-1131 Yonyou KSOA HTTP GET Parameter save_catalog.jsp sql injection

A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5, EPSS 0.0051
Exploits 0, References 4
ATTACKERKB
added 2026/01/19 1:2 a.m., 3 views

CVE-2026-1131

A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8, AI score 5.4, EPSS 0.0051
Exploits 0, References 4, Affected Software 1
ATTACKERKB
added 2026/01/19 12:32 a.m., 4 views

CVE-2026-1130

A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksaddplan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8, AI score 5.3, EPSS 0.00493
Exploits 0, References 4, Affected Software 1
RedhatCVE
added 2026/01/19 12:22 a.m., 8 views

CVE-2026-1106

A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...

CVSS 5.5, AI score 6.4, EPSS 0.00393
Exploits 0, References 1
Positive Technologies
added 2026/01/19 12:0 a.m., 7 views

PT-2026-3451

A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 5.1, AI score 3.9, EPSS 0.00191
Exploits 0, References 5
Packet Storm News
added 2026/01/19 12:0 a.m., 4 views

Static Detection of Core Structures in Tigress Virtualization-Based Obfuscation Using an LLVM Pass

Malware often uses obfuscation to hinder security analysis. Among these techniques, virtualization-based obfuscation is particularly strong because it protects programs by translating original instructions into attacker-defined virtual machine (VM) bytecode, producing long and complex code that is...

AI score 5.7
Exploits 0
UbuntuCve
added 2026/01/19 12:0 a.m., 4 views

CVE-2026-1144

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is...

CVSS 8.8, AI score 6.2, EPSS 0.00349
Exploits 1, References 9
Positive Technologies
added 2026/01/19 12:0 a.m., 9 views

PT-2026-3479

Name of the Vulnerable Software and Affected Versions birkir prime versions prior to 0.4.0.beta.0 Description A flaw exists in birkir prime up to version 0.4.0.beta.0, specifically within the GraphQL Field Handler component. A manipulation of an unknown function within the /graphql file can lead ...

CVSS 6.9, AI score 5.5, EPSS 0.00494
Exploits 1, References 7
CNNVD
added 2026/01/19 12:0 a.m., 5 views

HRMS code injection vulnerability

HRMS is a human resources management system developed by BoringError. Version 1.0.1 of HRMS contains a code injection vulnerability, which stems from incorrect operations on the function UpdateRecruitmentById in the file handler/recruitment.go. This vulnerability may lead to cross-site scripting...

CVSS 5.1, AI score 5.7, EPSS 0.00191
Exploits 0, References 5
Positive Technologies
added 2026/01/19 12:0 a.m., 6 views

PT-2026-3494

Name of the Vulnerable Software and Affected Versions birkir prime versions prior to 0.4.0.beta.0 Description A resource consumption issue exists in birkir prime. The issue affects an unknown function within the GraphQL Alias Handler component, specifically through the /graphql file. The attack c...

CVSS 6.9, AI score 5.5, EPSS 0.00684
Exploits 1, References 7
Positive Technologies
added 2026/01/19 12:0 a.m., 8 views

PT-2026-3415

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A flaw exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler component and the /kmf/edit folder.jsp file. Manipulation of the folderid argument can lead to SQL injection. This issue is remotely...

CVSS 9.8, AI score 7.4, EPSS 0.0051
Exploits 0, References 9
Positive Technologies
added 2026/01/19 12:0 a.m., 9 views

PT-2026-3487

Name of the Vulnerable Software and Affected Versions birkir prime versions prior to 0.4.0.beta.0 Description A flaw exists in birkir prime up to version 0.4.0.beta.0. The issue resides within an unknown function of the /graphql file within the GraphQL Directive Handler component. Successful...

CVSS 6.9, AI score 5.6, EPSS 0.00494
Exploits 1, References 7
Positive Technologies
added 2026/01/19 12:0 a.m., 8 views

PT-2026-3435

Name of the Vulnerable Software and Affected Versions technical-laohu mpay versions up to 1.2.4 Description A security issue exists in the QR Code Image Handler component of technical-laohu mpay. Manipulation of the codeimg argument can lead to unrestricted upload. This issue can be exploited...

CVSS 9.8, AI score 5, EPSS 0.00299
Exploits 1, References 8
Positive Technologies
added 2026/01/19 12:0 a.m., 12 views

PT-2026-3499

A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from remote. The exploit is...

CVSS 6.9, AI score 5.1, EPSS 0.00417
Exploits 1, References 5
Positive Technologies
added 2026/01/19 12:0 a.m., 20 views

PT-2026-3489

Name of the Vulnerable Software and Affected Versions birkir versions prior to 0.4.0.beta.0 Description A flaw exists in birkir that could lead to a denial of service. The issue is located within the GraphQL Array Based Query Batch Handler component, specifically affecting an unknown function...

CVSS 6.9, AI score 5.7, EPSS 0.00678
Exploits 1, References 7
Tenable Nessus
added 2026/01/19 12:0 a.m., 7 views

MiracleLinux 7 : socat-1.7.3.2-2.el7 (AXBA:2017-1813:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXBA:2017-1813:01 advisory. - The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service process freeze or crash...

CVSS 7.5, AI score 5.7, EPSS 0.0393
Exploits 0, References 2
RedhatCVE
added 2026/01/18 5:18 p.m., 11 views

CVE-2025-15532

A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks...

CVSS 7.5, AI score 6.5, EPSS 0.0098
Exploits 1, References 1
NVD
added 2026/01/18 5:15 p.m., 6 views

CVE-2026-1126

A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulatio...

CVSS 6.5, EPSS 0.00224
Exploits 0, References 5
ATTACKERKB
added 2026/01/18 4:32 p.m., 3 views

CVE-2026-1126

A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulatio...

CVSS 6.5, AI score 5.1, EPSS 0.00224
Exploits 0, References 4
Vulnrichment
added 2026/01/18 4:32 p.m., 3 views

CVE-2026-1126 lwj flow SVG File FormResource.java uploadFile unrestricted upload

A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulatio...

CVSS 6.5, AI score 6.1, EPSS 0.00224
Exploits 0, References 5